AWS AmazonCloudWatch documentation change
Summary
Updated wording for clarity ('utilizing'→'using', 'facilitate'→'help') and fixed apostrophe in 'canary's'
Security assessment
Changes are linguistic improvements without security implications. IAM policy descriptions remain functionally unchanged with no new security controls added.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md b/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md index 3d392c318..f6a8037d4 100644 --- a//AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md +++ b//AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md @@ -62 +62 @@ AIOpsAssistantPolicy – Updated policy | CloudWatch updated the **AIOpsAssista -[ CloudWatchNetworkMonitorServiceRolePolicy](./security-iam-awsmanpol-nw.html#security-iam-CloudWatchNetworkMonitorServiceRolePolicy) – Updated policy | CloudWatch added the `ec2:DescribeRouteTables`, `ec2:DescribeTransitGatewayAttachments`, `ec2:DescribeTransitGatewayRouteTables`, `ec2:SearchTransitGatewayRoutes` permissions to the **CloudWatchNetworkMonitorServiceRolePolicy** managed policy to grant permissions for Network Synthetic Monitor to generate the Network Health Indicator values for customers utilizing Transit Gateways. | December 12, 2025 +[ CloudWatchNetworkMonitorServiceRolePolicy](./security-iam-awsmanpol-nw.html#security-iam-CloudWatchNetworkMonitorServiceRolePolicy) – Updated policy | CloudWatch added the `ec2:DescribeRouteTables`, `ec2:DescribeTransitGatewayAttachments`, `ec2:DescribeTransitGatewayRouteTables`, `ec2:SearchTransitGatewayRoutes` permissions to the **CloudWatchNetworkMonitorServiceRolePolicy** managed policy to grant permissions for Network Synthetic Monitor to generate the Network Health Indicator values for customers using Transit Gateways. | December 12, 2025 @@ -102 +102 @@ CloudWatchSyntheticsFullAccess – Update to an existing policy | CloudWatch up - * `logs:FilterLogEvents` – Required to view logs in a canary’s log group. + * `logs:FilterLogEvents` – Required to view logs in a canary's log group. @@ -265 +265 @@ The **AIOpsConsoleAdminPolicy** policy grants full access to all CloudWatch inve - * The `organizations`, `sso`, `identitystore`, and `sts` permissions allow actions needed for IAM Identity Center management which facilitate identity-aware sessions. + * The `organizations`, `sso`, `identitystore`, and `sts` permissions allow actions needed for IAM Identity Center management which help identity-aware sessions. @@ -292 +292 @@ This policy only provides access to investigations. You should be sure that IAM - * The `sso-directory`, `sso`, `identitystore`, and `sts` permissions allow actions needed for IAM Identity Center management which facilitate identity-aware sessions. + * The `sso-directory`, `sso`, `identitystore`, and `sts` permissions allow actions needed for IAM Identity Center management which help identity-aware sessions. @@ -309 +309 @@ The **AIOpsReadOnlyAccess** policy grants read-only permissions for CloudWatch i - * The `sso` permissions allow actions needed for IAM Identity Center management which facilitate identity-aware sessions. + * The `sso` permissions allow actions needed for IAM Identity Center management which help identity-aware sessions.